In the current article, we were complete to process of “Enabling Outbound DKIM signing” in an Office 365 based environment.In addition, we review how to verify that the process of outgoing DKIM signature is implemented properly.

Activating (enabling) the Outbound DKIM signing for our domain name

In this phase, we assume that the required DNS CNAME records that redirect “DKIM queries” to the “dedicated Office 365 DKIM selector host name” that represent our public domain name were already created.

Note – we have reviewed the process of creating it requires DKIM CNAME records in the former article.

To activate (enabling) the option of Outbound DKIM signing for a specific domain name, use the following steps:

After we have enabled the option of Outbound DKIM signing, the next task is to verify that the configuration is implemented properly.

Our expectations are, that E-mail that is sent by our organization recipients, whom their E-mail address includes the domain name suffix for which we enabled the Outbound DKIM signing, will be signed by a DKIM selector, that his host name include our domain name.

For example, each E-mail that sent from the domain o365pilot.com, will contain information about a DKIM selector, that his host name includes the domain name o365pilot.com.

Just a quick reminder, in an Office 365 based environment, each “outgoing E-mail” will be automatically included DKIM signature, using the “default Office 365 DKIM selector” that use the domain name – “onMicrosoft”.

The purpose of enabling Outbound DKIM signing is – to change this default, so the DKIM selector name will include our domain name suffix.

After we enable the option of – Outbound DKIM signing, the “DKIM signature” will not include the default Office 365 DKIM selector host name (onMicrosoft) and instead, in our example, will include the host name selector1._domainkey.o365pilot.com or, the host name – selector2._domainkey.o365pilot.com.

If we want to be more accurate, although the “formal” host name of the DKIM selector that represents our domain name is “selector1._domainkey.o365pilot.com”, the “destination mail server”, will relate to a shorten version of the host name.

When we look at the information that appears in the E-mail message header that was sent to external recipient, the DKIM selector host name will appear as “Selector1.o365pilot.com”.

The verification process is implemented by sending E-mail to a “unique E-mail address” that provided by the web-based tool.

The E-mail message that we send will be accepted by the “destination mail server”, and after the E-mail is accepted, the web-based tool will provide a report that relates to the result of the DKIM signature test.

Copy the E-mail address that appears on the web page.

In this step, we send E-mail to the specific E-mail address from one of our organization users.

In our example, we want to verify the E-mail message that sent from a recipient who uses the domain name suffix – o365pilot.com include a “proper” DKIM signature.

After the E-mail message was sent, we will access the Web-based tool again and select the button – View Results

In the following screenshot, we can see the content of the E-mail message that was accepted by the “destination recipient.”

The information about that the “DKIM signature” inform us that the DKIM test “pass”, and the important thing is that the DKIM selector host name who signed the E-mail message is – selector1.o365pilot.com.

Restore Exchange Online mailbox | Article series index

In the current article, we were complete to process of “Enabling Outbound DKIM signing” in an Office 365 based environment.In addition, we review how to verify that the process of outgoing DKIM signature is implemented properly.